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Our cover story this issue is a case study: “Hurrah! Someane 
else is using Linux.. So, what’s the big deal?” you might think. 
Well, the Speedy Hire story is unusual and challenges some of 
the preconceptions that people have about Linux. Even those 
who seem keen to believe in Linux buy into some of the 
misleading stories about ‘Total Cost of Ownership’ and the 
readiness of the Linux platform for desktop deployment. This 
story explodes those myths. And more, 

Instead of opting for the usual support package/licensing fee 
from a major vendor, the company opted for consultancy 
support of a no-cost Debian installation. instead of umming and 
ahhing about the state of Linux on the desktop, Speedy just 
deployed it, and got a secure, easily updated environment. Their 
biggest problem is working out how to get a refund for the 
£20,000 worth of commercial OS licences it was forced to 
pay for in the past, but will never use again! 

We also have an exclusive report from the OSCon conference 
in Portland, Oregon. This regular event is seen by many as 2000 
geeks getting together to have a good time, but actually, is a 
great place to find out more about Linux (mostly) and where 


-Various projects are headed. The OSCon speaker list reads like a 


Who's Who of the Open Source world, and we have brought 
back plenty of juicy information to share with you. 

One last thing this issue is our interview with the co-founder 
of Skype. The Linux version of Skype is already pretty popular 
but what's more interesting is how a community-based system is 
actually delivering a better VoIP service than the ones controlled 
by major comms companies. 


Rick Veitch Ecitor 
nick.veitch@futurenet.co.uk 
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OSCON 2004 


It’s the most important Open Source 
conference in the world, so why weren't 
you there? PAUL HUDSON reports 
from OSCon, for those that missed it... 


Only once a year do so many Open Source luminaries gather 
under one roof: and it’s for O'Reilly and Associates’ Open 
Source Convention. Best known for its wide range of books 
(particularly those with animals on the cover), O'Reilly has also 
organised various Perl, PHP, and Python conferences in the 
past. In the Open Source Convention (generally referred to as 
“OSCon’), these three tracks all run together, and are combined 
with extra tracks on MySQL, Java, Security, and Linux, giving a 
conference that few people would care to miss. 
Just about every well-known hacker from the community 
was thera: Larry Wall and Damian Conway talked about Per! 
6, Guido van Rossum discussed Python 2.4, Andi Gutmans 
and Sterling Hughes wowed the crowds with PHP 5, and 
Miguel de Icaza proudly demonstrated Mono 1.0. 

Alongside were companies elbowing to gain the attention 
of the 1,500 or so attentive geeks: from predictable names 
such as IBM, Novell, and HP; to those who just want to be 
seen, such as Microsoft and Apple. ; TUTORIALS AND SESSIONS 
The week was divided into two parts: Monday and Tuesday 
were for Tutorials: three-hour long, in-depth discussions on 
advanced topics such as new features in MySQL or Perl 6. 
Wednesday, Thursday, and Friday are general conference 


Greetings from Portland, Oregon 
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and iChat were prevalent, which actually served to boost LEFT Sunny Portland also had 


the overall productivity of attendees, as they could discuss 4 Red Bull Flugtag event after 
the conference, where people 
lectures as they took place. threw themselves into the 


river for fun and profit. 
BUSY EVENINGS 


After dinner, the entertainment would begin: from a ‘SCO 
Moot Court, where trained lawyers argued the SCO vs |BM 
case, to Novell's ‘Free Speech and Free Beer’ party; and of 
course, the obligatory author book signings that always take 
place when so many notable computing personalities 
gather in one place. Delegates could quite easily keep 
themselves busy from 8:30am until 10pm every day! 
Despite the myriad of tempting distractions, many people 
kept themselves occupied with serious persuits for most of 
the time. Much of the day was spent in sessions (with 
attendees either focusing on a specific track, such as 
MySQL, or seeing a mix of topics), but many used what's 
referred to as ‘The Corridor Track’ — talking to people as 
you bump into them. With so many big names grouped 
together, it's impossible to get to and from sessions without 
walking past someone and thinking, “Wasn't that..?” 


RIGHT Impromptu group 
hacking everywhere you look. 


ABOVE Guido van Rossum’s 
bunny impression is always a 


THE EXHIBITION favourite amongst the crowd. 


Like any good conference, OSCon held a fair-sized exhibition RIGHT The SCO vs IBM Moot 
Court in action. 


of its sponsors, where they could show off their wares: HP 
had rack systems whirring away, Novell demoed the new 
SUSE Linux Enterprise Server 9, Zend launched its new PHP 
certification program, ActiveState launched Komodo 3.0, and 
the usual Open Source favourites (GNOME, MySQL, 
PostgreSQL, etc) turned out in force. 

Free Internet access was provided by Apple over an 
802.11 wireless network, and Apple also provided a suite of 
high-end G5s and laptops where people without portable 
computers could surf the web and at the same time try out 
OS X. Powells Book Store (a Portland-based bookshop 
that really needs to be seen to be believed) sponsored the 
book stand, which meant that, while O'Reilly books were : 

Eric Raymond announces the 


there in abundance, all of APress’ and Pearsons titles were Open Source achievement The lawyer play-acting on behalf of IBM for the moot 
there as well, getting their fair share of exposure too. iim award, won by Larry Wall. court presented a lively and interesting case. 


O'REILLY 


OPEN 


Damian Conway (left) and Larry We 
it’s no wonder Pert 6 is pretty crazy 


PLANS ARE ALREADY UNDERWAY FOR OSCON 
2005, except there are twa new twists. First, the 
conference is now too large for the hotel in Portland, 
SO it’s likely to move somewhere else. Second, it’s 
widely rumoured that Europe will have its own OSCon 
next year, primarily because thousands of European 
developers find making the trip to the US too much 
hassle. It has yet to be decided where the event will be 
held — as O'Reilly tends to choose cities that add a 
little bit of extra spice to the conference, at the risk of 
Opening up a world of gossip, our bets are on either 
Barcelona or Frankfurt. Either way, we can guarantee 
that O'Reilly will continue its tradition of making the 
event a highlight of the Qpen Source year, so we 
strongly recommend you put the training budget aside 
now to send as many of your team aver as you can! 
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MICROSOFT AND LINUX 


MICROSOFT 


AND LINUX 


Linux users’ views on Microsoft are well documented. But 
what's Microsoft ’'s opinion of Linux? Is there any difference 
between what it tells its customers, and what it actually 


believes? We went to MS's anti-Linux FUD-fest to find out... 


As an organisation under the microscope, Microsoft is 
an interesting specimen. Since its conception in 1975, 
Microsoft has gone on to become one of the most 
successful — yet controversial — organisations in the 
world. Although its impressive successes in the 
marketplace have gone on meet the founders’ 
ambitions of a PC on every desk, Microsoft's efforts 
to make this a reality have been tarnished with 
accusations of unfair business practices, use of its 
dominant market position to create a monopoly and 
other accusations of the company playing the IT 
game unfairly. Many would consider the general 
Microsoft story of something of interest, but the plot 
thickens considerably when you look into the on- 
going competition between Microsoft and Linux. 

Ever since Linux appeared as a commercially viable software 
system, Microsoft has typically positioned a quiet yet cautious 
eye on the Open Source OS. In the early days, when there 
were few Linux distributors that were doing any kind of 
serious business, Microsoft was keen to expound that Linux 
was something that it was unconcerned with; no real threat to 
its confident business model. Despite these dismissive 
assertions, a series of jaaked memos referred to as ‘the 
Halloween documents’ (www.opensource.org/halloween/) 
tells a different story. Microsoft was thinking about Linux, and 
being much more cautious internally than the position it 
seemed to express in the cold view of the public eye. 

As Linux continued to evolve and develop, and as it 
became more of a commercial threat to Microsoft, the 
company made more aggressive efforts to shun the 
burgeoning Open Source operating system. The kind of 
methods and language that were used to demote Linux as 


6 LINUX 


| 
i 
| 
| 


something that should be considered inferior to Windows 
were construed by many as Fear, Uncertainty and Doubt 
(FUD) tactics; an increasingly common technique in the 
stability-obsessed IT industry of spreading unease about 
competitors’ products. Microsoft denied such tactics, but 
many casual observers classified Microsoft's methods as 
somewhat aggressive, unintelligent and one-dimensional. 

Recently, Microsoft seems to have taken a slightly different 
approach with its competitive efforts: announcing the Get The 
Facts tour — a series of dates in which “Microsoft hopes to 
bring clarity and focus to the debate, ensuring that choosing 
between Open Source or proprietary software will be an 
informed decision, based purely upon merit”. Shows went 
ahead in Edinburgh, Manchester and Newport, Wales. we 
went along to the Manchester event on Tuesday 29 June to 
have a discussion with Nick McGrath, Head Of Platform 
Strategy; and Dave Overton, Partner Technical Specialist; 
about Microsoft, Linux and the many issues involved. 


THE PR MACHINE 


Each event on the Get The Facts tour consisted of a number 
of presentations, The first was from Microsoft in the morning, 
and then there were a number of presentations from 
Microsoft partners who attended to tell the audience about 
how impressed they were with their Microsoft solutions. Each 
event concluded with an open Q&A session, in which the 
audience could put their views and questions to a panel that 
consisted af McGrath, Overton, the partners and other 
individuals. The event was fairly typical of promotional tours; 
the classy presentation, trendy video shorts and gimmicky 
promotional freebies were all present and correct. 

One distinct criticism that could be levelled at Microsoft 
about the event was its rather apparent one-sided focus. 
There was little doubt that this was a pro-Microsoft event, and 
there were no collaborative partners from the Linux industry 
to add balance to the “clarity and focus” that the organisers 
claimed. We first asked Nick McGrath whether he agreed 
with our assertion that the show was not entirely objective. 
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“No, because if this event was in isolation to other events 
that we are doing and there was nothing else that we were 
doing, | could understand that perspective. This is the first of a 
number of activities that we have done. inJanuary, we 
launched the Get The Facts website. We started to put facts- 
based information on the site and you can download reports 
from organisations like Gartner, META, Forrester and Giga at 
www.microsoft.com/uk/petthefacts/” 

What was interesting from the outset of this tour was just 
how Microsoft would focus its efforts in an engaged and 
objective manner. If we were to believe the first leaked 
Halloween memo back in November 1998, Microsoft then 
conceded that “OSS is jong-term credible .. FUD tactics 
cannot be used to combat it”. This seems to disagree with 
Many pundits’ appraisal of MS's anti-Linux tactics to date, 
such as benchmarking Windows XP against three-year-old 
implementations of Red Hat. So we asked: Did McGrath 
believe that FUD tactics were being used in this tour? 

“The whole purpose of the tour is to engage in @ debate 
with our customers on the relative merits of the Microsoft 
platform in comparison to the Linux and Open Source 
alternatives” he said. He continued, “The primary reason 
behind it is because there is a lot of myth in the marketplace 
that has been borne up through a number of different press 
articles and comments made by a number of our 
competitors. Our customers have been subject to those 
myths, and one of the things we're doing is talking about 
myth and reality. Every single comment made by every 
single person — whether they are a Microsoft person or a 
third party — was factual, measurable and quantifiable, and 
in no way were any of the questions in the Q&A altered, 
changed or otherwise. This is the first step in us coming 
forward and wanting to engage in a dialog, and we want to 
engage in an apen and honest debate’. 

McGrath's declaration that this is Microsoft's first step into 
an apen and honest debate could indicate that the 
organisation is at last taking a more intelligent and refined 
approach to the discussion. We were interested in exploring 
the views of Microsoft with regard to major issues involved 
in the debate, and we set forth to objectively discuss them 
further with McGrath and Overton. 


INTEROPERAGILITY 


Interoperability is an area in which Microsoft was keen ta 
express its continued dedication and commitment. McGrath 
was eager to get over how he considered Microsoft a leader 
in the industry with interoperability with other systems, “Our 
perspective is very clear — we will interoperate within a Linux 
environment. We have a technology called Services for Unix, 
and version 3.0 actually won an award at LinuxWorld in the 
USA and is seen by the community who understand the 
issues Ground interoperability as a fantastic piece of 
technology that is helping customers to feel like they have a 
choice as to whether they go Linux or Windows”. Overton 
also echoed McGrath's views in this area, “It is very unlikely 
in my opinion that we will ever see a world that is 100 per 
cent Microsoft, and it will always be some Microsoft and 
some other technology”. He continues, “Microsoft is 
probably leading the way forward in interoperability, and we 
are making it easier to operate. We are no longer relying on 
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DAVE OVERTON: “The Mono 
project is based on 
information which was shared 
[by Microsoft] with the Open 
community, and Microsoft has 
contributed to assist research 
establishments and 
universities to build this base, 
50 there is an implicit support 
from Microsoft in so much as 
having people understand the 
standards and the framework 
that Microsoft is working on, 
From that perspective, we 
absolutely support the 
research and investment into 
Products such as Mono, In 
terms of competition an the 
Microsoft platform — as is 
always the case - 
competition and choice 
Should always be there” 


NICK MCGRATR: “The 
decision to use a technology 
rests with the developer and 
Microsoft believes that 
freedom and choice is 
incredibly important in a 
vibrant marketplace. 
Customers, partners and 
developers can choose, and 
we would always hope that 
their choice will be Microsoft” 


testing included combinations of static and dynamic content requests and targeted server configurations of 1 


to B processors. in a 4-processor configuration, Windows: 


* Has 276% batter peak performance for static transactions. 


people coming to our website, and we are being much more 
honest in going out to tell you how we can work together”. 
Overton considers Services for Unix a key technology: “ff you 
are a Linux administrator and you want to admin a Windows 
server in the same way, you can have a korn/bash shell, you 
can compile things with GNU tools; you can take advantage 
of all the things you need to take advantage of We give you 
possibly the greatest set of interoperability tools” 

Despite the apparent enthusiasm from both McGrath and 
Overton regarding Microsoft's commitment to interoperability, 
the story still appears to be distinctly one-sided. Although it is 
possible to run a Unix-based infrastructure on Windows, the 
reciprocal interoperability for running Windows-based 
services and supporting Windows-based file formats on Linux 
seems virtually non-existent. Overton disagreed that 
Microsoft's focus is one-dimensional in its implementation: “As 
an example, if you take Services for Unix, you can have the 
Microsoft system as the core for user/password management 
or the Unix/Linux system, and we provide the tools for the 
synchronisation; it doesn’t matter which way you go. We have 
that two-way support. If you take it to the next level with web 
Services, nobody owns web services as they are being defined 
in the apen space in a sharing and caring way so we are 
making sure that our efforts work with that interoperability”. 


MICROSOFT APPLICATIONS ON LINUX 


There is little doubt that one of the major challenges that is 
discouraging migration to Linux systems is application 
availability; many key tools are only available on Windows 
systems. When typically questioned about the potential for 
supporting Linux as an Operating System platform, 
Microsoft has traditionally stated that there is not enough 
market-share to warrant the support. Although it is more 
difficult to quantify the actual market share of Linux due to 
the fact that many people download it freely (usage figures 
can only really be applied to commercial sales), IDC 
claimed in 2002 that Linux would exceed the Mac 

in market-share by 2005, and in a recent IDC 


Information about Samba, Wine and Cedega is rather 
conspicuous by its absence on the Microsoft website. 


Leading companies aid third-party analysts 
confirma it: Windows has 4 lower total cast of 
ownership and outperforms Linux. 
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“WHEN PEOPLE, PROCESS AND 
TECHNOLOGY ARE MARRIED 
TOGETHER, THEN PEOPLE DO NOT 
SUFFER SECURITY ISSUES” 


report Dominique Raviart, senior analyst with IDC’s 

European Services group said, “The market of 
Services around GNU/Linux and Free software is now 
emerging from its niche status and moving into the 
mainstream’ With a number of reports that are often 
based on the more limited sales figures suggesting an 
increased migration to Linux, how can Microsoft ignore 
Linux if the theoretically far higher usage figures are putting 
Microsoft in a hypocritical position by continually supporting 
the Mac operating system, but not Linux? 

“Microsoft as a company will always focus in on what tt 
does best; we built the Windows platform and we built the 
Windows product” McGrath replies. He continues to extol 
the virtues of the Microsoft business model, “We have 
research and development teams in Cambridge for 
example, thinking about the next10 and 20 years of how 
people will use our software. We are going to continue 
putting 20 per cent of our revenue into R&D; US$6.8billion 
annually goes into this area, and we believe all of this adds 
innovation in our software jor our custorners. Most 
custorners say what they like about us is that: 
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1 We stand behind our platform; there are no IP issues and 
we would indemnify if there were. 

2 We have a published10-year support policy and no other 
vendor can offer such a comprehensive support policy 

3 When it comes to pricing, 5 per cent of the total cost is the 
OS, and customers can see that the OS is something so 
integral for their system, and they can see value in purchasing 
a system that has got the maturity of the Windows Operating 
System. in that respect, Microsoft has not lost market share 
to Linux on the server side. Quite the reverse”. 

Cynics would infer that McGrath has failed to offer any 
reason for not supporting the Linux platform. Contrary to 
this answer, McGrath answered a similar question in the 
open Q&A session at the event before the interview and 
explained that one of the reasons why the Mac was a 
supported platform was that Microsoft could work alongside 
Apple regarding the authoring of their products for the 
platform, yet no such interactivity was available for Linux. 
We suspect Red Hat, SUSE, Novell, Mandrake, IBM, Sun 
and the various other organisations involved in the Linux 
industry would possibly beg to differ on this issue. 


SECURITY 


Security has become a prime focus at Microsoft, and this 
focus has no doubt been born out of unparalleled criticisms 
regarding the security of Microsoft products. Despite the 
countless examples of security violations in Microsoft 
products, the organisation still claim they have the most 
secure products in the market place. In many ways Microsoft 
is the victim of its own success; a security exploit for one of 
its products will affect the vast majority of computer users in 
the world and as such generate headline news. This huge 
impact from security issues was echoed by Steve Ballmer, 
Chief Executive Officer at Microsoft's Tech-Ed conference in 
May 2004, “When we have issues, as we've had over the last 
few years with something like security, which winds up 
increasing total cost of ownership and decreasing productivity, 
that’s a setback’. The term ‘setback’ is a classic exercise in 
understatement here, but the cracks of understatement 
have been hastily papered over with a rigid assurance that 
Microsoft means business when it comes to security. Despite 
such assurances, many critics level the ongoing virus 
problem and resultant anti-virus industry as a testament to 
Microsoft's inability to create secure products that are secure 
out of the box. 

“| don’t perceive Microsoft as being responsible for much 
of the security problems that are out there in the 
marketplace, McGrath stated, bravely. He continues, “7 
actually see Microsoft in the same way as our customers 
and users, as victims of the criminals that are writing 
malicious software code that is destroying and impacting 
the lives of so many people around the world and that 
behaviour is committing us to working with law enforcement 
agencies and government departments to try and alleviate. 
Microsoft enjoys a healthy degree of market-share because 
custamers choose to use our products and the world has 
changed from a trusting place where people could turn their 
PCs on and not worry about viruses. It takes me back to the 
days when my Grandmother never locked her door but now 
society needs to lock just about everything’. 
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McGrath's points about the evolution of the IT industry and 
the lack of prediction of such security requirements certainly 
rings true of a problem that has afflicted many in the industry, 
but it appears that Microsoft was too late in the game to 
identify the extent and problems of the threat This has since 
resulted in terrible PR in this area, such as the US 
Department of Homeland Security US Computer Emergency 
Readiness Team and the CERT Coordination Center (a global 
authority on security) making the suggestion that people stop 
using Microsoft internet Explorer, due to its security problems. 
This has resulted in a huge spike of downloads in the 
competing Open Source Mozilia project. - 

McGrath is confident that software is not the only cause of 
the security issues, “What we have found is that when 
people, process and technology are married together then 
people do not suffer security issues”. He continues, “Those 
customers who have got very good people who understand 
Security and understand the issues, understand people, have 
good processes for regularly patching their systems/reading 
Support bulletins, and fook at various technologies; they have 
fewer problems when vulnerabilities occur from one end of 
the network to the other end. | think the IT industry needs to 
Step up to try and alleviate this problem. People have said to 
me that Linux is more secure than Windows; that is a myth. 
There was a report done by Forrester where they looked at 
the number of days of risk that a system was open. On the 
Microsoft side we fixed100 per cent of the vulnerabilities in 25 
days. On the Linux side, Red Hat and SUSE were the next 
closest; 57 days, and not ail of the vulnerabilities were 
actually fixed. That is a clear example of where we are 
getting ahead of our competition”. 

The Forrester report that McGrath refers to is a report that 
has caused a lot of controversy within the Linux community, 
so much so that Red Hat, MandrakeSoft, SUSE and Debian 
all collaborated to write a common statement about their 
conceived inaccuracies in the report. The statement is quite 
clear about the perceived problem in the report: 

“Even though the Forrester report claims so, it does 
not make that distinction when it measures the time 
elapsed between the public knowledge of a security flaw 
and the availability of a vendor’s fix. For each vendor the 
report gives just a simple average, the All/Distribution 
days of risk? which gives an inconclusive picture of the 
reality that users experience. The average erroneously 
treats all vulnerabilities as equal, regardless of the risk. 


internet Expiorer on 
Linux 


NICK MCGRATH: “Microsoft is 
a commercial software 
company and we will build 
software for the platforms 
that we are able to build 
software for in the market, 
and clearly those have a 
degree of market-share”. 


investigating the response time of the Debian security team 
and the result was an average of 35 days to fix vulnerabilities 
posted to the Bugtraq list. Despite this figure, over 50 per 
cent of the vulnerabilities where fixed in a 10-day time frame, 
and aver 15 per cent of them where fixed the same day the 
advisory was released. For this analysis, all vulnerabilities were 
treated the same. This is a perfect example of how using an 
average figure sometimes gives an incorrect impression, in 
this case of how long it takes for security updates ta be 
issued, Pefia has rerun the survey again, this time based on 
vulnerabilities between June 1 2002 and May 31 2003; and 
found that the delay between the disclosure and releasing an 
advisory including a correction was 10 days (the average is 
13.5 days). Like the Forrester report, analysis advisories were 
not classified with different priorities. 


FACING THE FUTURE 


So, is there a difference between how Microsoft regards Linux 
privately and publicly? Well, as a large and competitive 
organisation, Microsoft has the ability to face two ways at the 
same time. On one hand, it can actively slam the merits of 
Open Source and Free software, but another press release 
issued from a different Microsoft office could contradictorily 
sing the praises of the Open Source model if Microsoft makes 
use of the technology. The intricate language of opposition 
and support and the art of misdirection in answering a 
question are all within the remit of high-level businessmen 
such as McGrath and Overton, but this behaviour is certainly 
not unique to Microsoft. Although McGrath did avoid a few 
key points that were put to him, he was also refreshingly 
honest in other areas, Finding a true and accurate position to 
represent one of the largest organisations in the world is a 
difficult challenge, but both McGrath and Overton managed 
to provide a goad balance of direct answers, only slightly 
marred by the spin that characterises the business world. 
Both Microsoft and the Linux industry are currently going 
into competitive overdrive to both bring over new users and 
demonstrate the superiority of their products. The challenge 
for Microsoft is to bring this competitive edge to the industry in 
way that is not considered FUD and spin, and we are unsure if 
the Get The Facts show actually managed this. The one-sided 
aspect of the Get The Facts campaign could undermine 
Microsoft's entire case; the conflict could be said to have 
reached a stalemate, but the skirmishes continue on... mim 


Not all vulnerabilities have an equal impact on all users. 
An attempt has been made to allocate a severity to 
vulnerabilities using data from a third party, however the 
classification of ‘high-severity’ vulnerabilities is not 
sufficient: The mere announcement of a vulnerability by a 
particular security organisation does not necessarily 
make the vulnerability severe — similarly, the ability to 
exploit a weakness over the network (remote) is often 
irrelevant to the vuinerability’s severity”. 

To some onlookers, the Forrester report is an example of 
Microsoft making progress and stepping forward beyond its 
competition, but to cynics it is an example of Microsoft using 
the limelight of the headlines but failing to quantify the 
attention with fair and balanced information. Javier 
Fernandez-Sanguino Pefia composed a survey in 2001 
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“WHEN WE HAVE 
ISSUES... WITH 
SOMETHING LIKE 
SECURITY, WHICH 
WINDS UP INCREASING 
TCO AND DECREASING 
PRODUCTIVITY, THAT’S 


A SETBACK” 


STEVE BALLMER, CEO, MICROSOFT 
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Novell 


SECURITY AND 
STANDARDISATION 


In the second part of our detailed breakdown of Novell's Linux operations, PAUL HUDSON 
looks at how SUSE works to make the most secure distro around... 


One of the biggest myths about Open Source software is that, because it is largely in-depth knowledge of Linux operating system semantics by 
written by part-time programmers working on their code in their spare time without the security and system administrator. 

getting paid for it, it must therefore be of a lower quality than code prepared by Users are encouraged to test the features that SELinux 
employed programmers. Of course, this argument is entirely self-defeating, as many provides. So that users can exchange and discuss their 
people would rather use applications that were written because the developers were experiences, SUSE LINUX has made available a mailing list. 
passionate about producing it, rather than applications that were written because the © Subscription information to this mailing list can be found at 
developers had to feed their family and accepted cash in return for their services! www.suse.de/de/private/support/onlinehelp/mailing 


That said, many enterprises want to have the security of a 
publicly traded company behind their software purchases, 
particularly when it comes to the touchy area of security, 
Yes, Linux continues to be considered a fire-and-forget 
operating system that requires minimal system administration 
to operate, but that’s not to say that users don't want all the 
support and maintenance they can get anyway. The ability to 
turn around qualified and certified software patches is 
integral to the support lifecycle, which means that the 
company most able to provide a fastest response and 
turnaround time for fixes is the one most likely to prevail. 
We asked several members of the SUSE Business Unit at 
Novell how SUSE LINUX Enterprise Server 9 (SLES 9) 
handles security and standardisation issues, and received 
responses from Dr Dan Homolka (Enterprise Architect, 
SUSE — DIR), Steve Gaines (Pre-Sales Manager, Novell - 
$G), Markus Rex (General Manager, SUSE — MIR), and 
Roman Drahtmiiller (SUSE Security Team Leader — RD). 


Li8UX PRO: What are your plans to implement fine- 
grained security in Linux? 

DH: SLES 9 is an enterprise class product, rich in features 
and enhanced functionality; SELinux is an excellent example 
of one such enhancement. The SLES 9 kernel implements 
SELinux from launch. The SELinux extensions in the SUSE 
LINUX kernel and in support packages are available for use 
today; by default the SELinux extensions are disabled for 
reasons of systems supportability. More information about 
supportability can be found in the online release notes for 
SLES 9, which are available on installation. 

SELinux provides a complete security subsystem for 
mandatory access control and separation of information, 
enforced in the kernel. However, the use of SELinux for 
hardening an installed system to allow it to meet the 
tequirements of a highly secure environment requires 
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lists/index.html, and more information about SELinux will 
soon be published on the SUSE LINUX Security main site 


RD: In addition to the ongoing work in improving the overall 
security Status of the SUSE LINUX Enterprise Operating 
System — such as providing seamlessly working security 
updates for breaches that become known, and investigating 
security issues in the software — we are working on multiple 
initiatives that improve the robustness of the operating 
system against attacks of many kinds. 

$G: Novell is working in conjunction with the Open Source 
Community to make Linux more secure by taking key Novell 
(pre-SUSE) technologies and introducing them into the 


“WE WELCOME 
ADDITIONS IN 
THE LSB 2.0 
SPECS AND 
WILL CERTIFY 
FUTURE 
PRODUCTS TO 
THE RATIFIED 
STANDARD’ 


MARCUS REX, SUSE 
GENERAL MANAGER 
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PHOTOS: VISMEDIA 


The rapid development of Linux and the increasing 
public interest has brought a great many case studies 
and examples of people jumping onto the platform 
with open arms. We have seen roll-outs from small 
numbers of office desktops and servers scaling up to 
huge roll-outs by governments and enormous 
organisations. Within the mid-range of these two 
extremes we have also seen a large array of medium 
sized organisations pushing forward with Linux and 
being productive. 
One such organisation is Speedy Hire. Formed in 1977, 
Speedy Hire is a leading provider of equipment hire 
services to UK contractors and builders, industry, utilities 
and the public sector. Operating from over 280 depots 
throughout the country, the group is focused primarily on 
tool hire, with complementary businesses specialising in 
portable accommodation, sanitary, lifting, surveying anc 
power generation equipment. Speedy has enjoyed an 
aggressive growth rate of 20 per cent year-on-year, which 
has been sustained for the past few years with great merit. 
The IT requirements are much the same as any other 
business of its kind; information about customers, sales and 
the inventory need to be stored and processed in a stable, 
accessible and simple manner. In addition to data storage and 
processing, an increasing demand from both customers and 
suppliers to be able to communicate electronically has been 
a driver in the adoption of IT within the Group. “! wouldn't say 
that we are completely unusual. Our main business software 
is the rental application of which we have chosen an ‘off-the- 
shelf’ solution” said Mark Johnson, Group Network Manager 
and architect of the move to a Linux-based solution. This 
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An online ordering system 
powered by Linux that 
dovetails with Speedy’s other 
IT resources completes the 
company’s ail-in-one solution. 


“UNTIL TWO YEARS AGO, SPEEDY HAD 
NOT USED COMPUTERS IN A SERIOUS 
WAY — THEY WOULD’VE BEEN BOUGHT 
AS ONE-OFFS AND INDIVIDUALLY...” 


main business application that Johnson refers to is a 
terminal-based system for managing the different types of 
information in a centralised manner Although Johnson had 
the flexibility of running the business application on any 
system that can provide a shell, he was reluctant to spend 
money on installing commercial shells across the network just 
to run the application. 


De 
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Speedy uses a simple 
locked down GNOME 
desktop derived from 
Debian Woody. 


CONSIDERING THE BEST OF BREED 


Citing uptime and bandwidth as key challenges within his IT 
infrastructure, Johnson faced a number of key objectives 
and challenges in bringing Speedy to a more flexible IT 
environment. A Unix administrator of many years, Johnson 
was fully aware of solutions that were available to him. 7 
have been working as an IT professional since1986 and I 
have been involved with a mixture of support, consultancy 
and project management roles throughout my career” 
Johnson said. He was farniliar with Unix and the IT industry 
in general and did have some prior experience with Linux 
before masterminding the company’s move to the OS: 

‘I started off looking after Windows systems, but a fleeting 
glimpse of an early Slackware system back in1994 in South 
Wales stuck in my mind and I have subsequently dabbled 
with Linux from that very day. | have supported various 
systems in my time, Windows 3.11, Exchange, IBM AIX, Sun 
Solaris, Cisco, Linux etc. My job roles have included places 
such as Co-operative Wholesale Society CWS Travelcare, 
Barclays Bank PLC, GEC Marconi and Ordina UK”. 

With Johnson's expansive experience and a belief that 
Linux was the right choice, in November 2002 he and his 
colleagues Colin Gresty and Paul Awati started to lock into a 
Linux-based solution. “Up until two years ago, Speedy had not 
really used computers in a serious way, if there were 
computers in the group they would have been hought as 
one-offs and used individually’ Johnson stated. He continues, 
“There was no group-wide or even company wide system that 
everyone was using. When the decision was made to 
computerise the existing manual process and put a computer 
in every depot, some decisions had ta he made. The reasons 
to choose Linux were based on a number of reasons: 

1 Security — users were less likely to be able to fiddle with 
them and install unauthorised software. 

2 Stability - Linux had proven itself to be a stable 
platform, and one that had been proved to ourselves 

in our own experiences with Linux over the years. 
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3 Pricing - The cost of ficenses jor an office suite 
and terminal emulator for each PC would have 


quickly mounted up and Linux could save on these costs” 

The choice to go ahead with Linux was clearly a 
straightforward choice for Johnson to make. He was 
certainly aware of the technical capabilities and benefits of 
running Linux, but he Was equally aware of some of the 
challenges that.hbe faced One of the biggest hurdles was 
how he was going to deal with OEM,versions of Microsoft 
Windows that he.no longer n | “Unfortunately we were 
unable to get await withoututhe.OEM license, but also at the 
time the OEM license gave us @ badkeout pian if the Linux 
thing went really wrong? Johnson explained. The situation 
with OEM licenses is clearly something that frustrated 
Johnson while considering the system. He estimates that 
around £20,000 has been spent on licenses that Speedy 
simply do nat need; licenses that the organisation was 
forced into buying due to their hardware agreement. 
Johnson's attempts to remedy the situation with their 
hardware providers and IBM directly (the manufacturer of 
their computers) fell on deaf ears. Jonnson hopes that the 
situation can be improved for other businesses of a similar 
size in the future. 


LINUX EMAIi. 


Although the system was installed and working without a 
hitch, Speedy was keen to continue to refine and evolve its 


"Words mry > Woes 
. Ble Edit Vew Go Bookmarks Jools tYindow Help 


THE COST OF LICENCES FOR AN OFFICE 
SUITE AND TERMINAL EMULATOR FOR 
EACH PC WOULD HAVE MOUNTED UP, 
AND LINUX SAVED ON THESE COSTS. 


Speedy employees can log into 
their email accounts from any 
workstation in the company. 


Mozilla and Horde combine to 
offer Speedy staff a fast and 
efficient webmail service. 
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IT systems. “in addition to rolling out the completed solution, 
we have also just completed the implementation of an 
email system for the depots that is also running on Linux” 
Johnson opines. He continued, “We have a IBM xSeries 
Server running Debian Woody with Postfix, Cyrus IMAP 
Horde IMP and OpenLDAP giving a stable mail service to the 
depots. The depots access this via the Mozilla web-browser’. 
This was not the only improvements that were on the cards. 
“We are also in the process of replacing our existing RADIUS 
Server with a Linux based solution, running Debian Woody 
on an IBM and utilising xtradius with a PostgresSQL backend. 
We also have a few other Linux boxes dotted about doing 
various things like databases, DNS, and web-serving, he 
recounted enthusiastically. 

Despite the benefits and ease of rolling out a customised 
Linux solution, Johnson's main worry was how the users of 
the systems may react to an IT environment that is ‘different! 
Although he was expecting (and planned for) a raft of user- 
support phone calls, he was pleasantly surprised. “We have 
had no real issues with regards to the use of Linux from the 
end-users, they all use the software easily enough and 
OpenOffice.org works well for them. We have had people 
asking why we haven't been using it earlier in the head offices 
rather than other office suites!” Johnson exclaimed. He was 
also keen to extol the virtues of his support agreement; an 
area in which many Linux nay-sayers condemn the platform, 
usually due to a lack of understanding of the way in which 
many third-party organisations can provide Linux services. 

“We have a central helpdesk that acts as a first-line 
support desk, they will provide a@ quick assessment of the 
problem and depending on the nature of the problem, pass 


solution, Johnson liaised with midlands-based 
Clockwork Software - that has previously worked 
with Ford, MG-Rover and Land Rover — to create 
& pian for the Speedy IT infrastructure, As a 
solutions provider who have a knowledge base of 
Red Hat and Debian systems, Clockwork had the 
flexibility to direct the right technology at the 
problem. After brainstorming the different options 
and building some test systems, the team were 
approaching a solid solution, Throughout this 
process, Clockwork was confident that Linux 
could provide a compelling solution for Speedy: 
“It is very simple to create @ stripped-down 
desktop environment — in this case, there are just 
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four icons and a logout button,’ said Katherine 
Goodwin, one of the team at Clockwork who 
worked with Johnson. She continues, “We also 
lock down the configuration, so that end-users 
cannot inadvertently change settings which may 
cause future confusion. This reduces support cails 
and training costs, and ensures a common 
interface across the organisation. Also, 
unauthorised or itfegal software cannot be 
installed, avoiding legal liability and preventing 
damage due to viruses and malicious software”. 
Alongside her colleagues at Clockwork 
Software, Goodwin was confident that a Linux 
solution would not only supply Speedy with a 
dependable system, but a system that was highly 
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John Brown, Chief Executive; 
and Steve Corcoran, Chief 

Operating Officer. 
| 


that on to a resolver group to solve it” he said. He went on: 
“The resolver groups are people like BT for communications 
problems, the company that provide the rental software - 
application problems, etc. For the Linux software, we have a 


contract with Clockwork Sojtware who also helped us 


Gevelop most of our Linux-based systerns. We pay them for x 
amount of days-worth of support each month and they 
report to us what calls they received and also answers to 
common problems, so we can increase the first-line fix rate” 


orientated around specific business requirements, 
“The flexibility of the Open Source software stack 
allows us to mix and match different components 
So that we can provide a solution that is actually 
tailared to meet user requirements,” Goodwin said. 

InJanuary 2003, three months after the initial 
decision to opt for a Linux solution, Johnson 
unveiled the system at some test depots. After 
some successful trials, the complete roll out 
started in April 2003 and was completed in 
February 2004. “The biggest use of Linux software 
has to be in the depots, all but approximately 15 
depots use IBM PCs running Linux” Johnson said. 
He continues to share with us what runs his 
network, “The Linux PCs run Debian Woody and 
the Linux Terminal Server Project. The desktaps are 
a stripped dewn GNOME desktop with 


OCTOBER 2004 


THE RIGHT CHOICE 


With the solution in place and ticking over nicely, Johnson is 
Confident that Speedy has made the right move in defining 
Linux as its platform. What is particularly interesting about 


the Speedy case is that the solution was provided in a non- 


OpenOffice.org, Mozilla and @ modified xterm for 
connection to the main rental application running 
on an IBM RS6000”. 


CENTRALISATION & SYNCING 


One of the most interesting aspects of the Speedy 
system is how truly centralised maintenance js. This 
was a core requirement from the initial design of 
the solution. “It was a design goal to achieve a high 
degree of automation when installing and 
configuring the system — from the operating 
system upwards,’ stated Goodwin. She continues 
to explain how this was possible, “Because Linux is 
highly modular and fully specified, we were able to 
create our own custom installer and hook inte the 
Stondard configuration system”. This centralised 
system that Goodwin speaks of consists of the 


typical fashion, even within the culture of the Linux industry. 
Instead of Speedy calling Red Hat or Novell to discuss with 
them about architecting a solution based on their 
commercial Linux distributions, Speedy has instead 


Debian package repository at the heart of the 
operations center, and each client on the network 
synchronises its packages each day. To upgrade the 
entire network of machines or add a new business 
feature to the clients, Speedy simply need to 
update the packages in their central repository 
with the desired changes and the entire network 
will be updated. This has greatly simplified network 
and software maintenance. Goodwin continued to 
sing the praises of Debian, “The Debian package 
management system allowed us to choose quality 
Open Source software from a wide range of well- 
tested packages, and to install and maintain these 
ina simple but flexible manner, At the time, Debian 
was also the only mainstream Linux distro that 
allowed us to implement the system we have for 
keeping on-site software in sync remotely” 
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partnered with a small Midlands-based company to 

capitalise on the inherently free Debian platform. 
The benefits of using Debian as the distribution of choice 
has centralised maintenance and promised Speedy with a 
consistent future of Free software and updates. “The Open 
Source solution présddes US MGy aibig advantage in that we 
have access to all the code" 
‘1s the ultimate insural 
1 /f our Linux sug 
disappear for wiht 


son shares. He continues, 


get them to support US INSTEON 
2 If there was Gn element of th Dita Was. big 
issue andl causing us Maier probes, we have the source 
code to hand so that we Gouid fix the problem” 

A consistent IT future that can theoretically outlive that of the 
solutions provider is much more difficult with proprietary 
products ~ another reason) why Speedy chose Linux 


INSPIRATION TO OTHERS 


With a successful solution implemented on over 550 
desktop machines, and a predicted growth to 400 depots 
and over 800 desktops in three years, the casual observer 
could take some great inspiration from the work of Johnson 
and his partners at Clockwork Software. In a market that is 
getting fiercer in competition, it is good to see real, tangible 
and measurable progress being made in migration efforts to 
Linux. What is also inspiring is that the progress that has 
been made in this particular case has been with a small-to- 
medium-sized organisation. The news wire is often glowing 
hot with huge take-ups of Open Source based solutions in 
government and large corporations, but companies such as 
Speedy making the move demonstrates a real world 
applicability of the platform. Johnson is aware of the 
potential his case may be proving but he is modest about 
its potential for setting a trend: ‘From what | am aware of | 
think we have proven that you can use Linux in a business 
environment, so yes we have proved that it can be done and 
that it works and works well”. 

With the confidence that Linux has provided a better 
solution for a lower cost and an increased feeling of control, 
it is difficult to see how the platform could have marked a 
bad decision for Speedy. As more companies migrate to 
Linux and more small migration consultants set up 
businesses, the challenges that stand in the way of moving 
to Linux are greatly reduced. mil 


A HIGH DEGREE OF 
AUTOMATION AND THE 
ABILITY FOR SPEEDY TO 
PERFORM CENTRALISED 
MAINTENANCE WAS A 
CORE DESIGN GOAL 
FROM THE OS UPWARDS 
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The OpenOffice.org productivity suite is used for making orders and printing documents. 


Linux adoption is often a 
business decision that depends 


as much on political will as ea al 
does on the technical details - 
Speedy’s migration was eased 

by management appreciating 

all the facts in both areas, 
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The file-sharing 
service KaZaA 
earned cult status and 
7 a brush with the law for 

k its founders. Now they 

. want to use the P2P 

a technology to handle 
telephony. But can Skype 
win mainstream approval — 

and make any money? Co- 

founder Niklas Zennstrém shares 

his vision with NICOLA SMITH. 


CASE STUDY: SKYPE 


“When the inventors of KaZaA are distrifsuting for free 
alittle program that you can use to talk to anybody 
else, and the quality is fantastic, and it’s free — it’s 
over, The world will change now inevitably.” 

This is what Michael Powell, chairman of the Federal 
Communications Commission, told Fortune magazine about 
a ‘little program’ called Skype in February this year. But 
there have been countless new, cutting-edge, never-been- 
done-before technologies launched over the last few years, 
most of which have either died a death or become niche 
products popular with a minority. Why should Skype worry 
the chief regulator of the USAs telecoms industry? 

Well, because in less than a year the product has been 
downloaded aver 13 million times; and by the time you've 
fead through to the end of this article, another 150 users 
will have registered — all without any real marketing. The 
team behind KaZaA has struck gold again. 

KaZaA was the technology that enabled consumers to 
share their files on the Internet for free — not just copyrighted 
music, despite what the Recording Industry Association of 
America (RIAA) seemingly tries to make everyone believe 
about the nature of filesharing technology — thrusting its 
creators Niklas Zennstrém and fellow Swede Janus Friis into 
the public consciousness in 2000. Based on peer-to-peer 
(P2P) technology, KaZaA incited outrage and legal action 
from the music industry. A simple idea was applied by its 
users to meet a massive and enduring consumer demand: 
free access to a worldwide library of music. KaZaA was 
eventually ordered to be shut down in early 2002 due to 
alleged infringement of copyright laws, although the courts 
were never able to prove that Zennstrom and Friis were guilty. 


CULT FRICTION 


KaZaA might have upset the music industry with its 
innovation, but the stir it caused ultimately worked in its 


“KAZAA MADE US ASK 
WHERE WE COULD USE 
P2P TO SOLVE REAL 
PROBLEMS...” 


favour, supporting the old maxim that ‘no publicity is bad 
publicity The KaZaA product swiftly acquired cult status and 
computer users across the world just couldn’t resist the 
combination of free music and the added thrill that they 
were doing something forbidden. 

Zennstrém and Friis eventually decided to sell the KaZaA 
software in order to extricate themselves from the situation, 
but the pair were far from deterred. The furore KaZaA 
caused only served to fuel their desire to have another go 
at using technology in an innovative, pioneering way. The 
fact that their brainchild upset so many people convinced 
them that they had hit on something. A year ago, the duo 
launched Skype (www.skype.com), free DIY internet 
telephony — software that uses the internet as a telephone 
carrier — based on the P2P technology that made 
KaZaA possible. “Skype was an indirect result of 
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KaZaA,’ admits Zennstrém. “lts success made us ask 

where we could use P2P technology to solve real 
problems. We then realised that VoIP [Voice over Internet 
Protocol] was something that had been around for10 years 
but had not really worked that well” 

Zennstrom identified that broadband usage had reached 
critical mass, offering higher quality and lower congestion. 
“Five years ago, making a VoIP call was like making a mobile 
call in an elevator’ he says. in other words, not good 
enough to prompt mass take-up. 

But over time the infrastructure improved, people became 
more comfortable about using the internet, and it was, as 
Zennstrom puts it, “time for VolP to work” Some practical 
problems remained, including the fact that most end users 
have some sort of firewall or router in place, which makes it 
difficult to connect to an invisible IP address. Skype's 
technology overcame this to work behind most firewalls and 
gateways without compromising security. The technology has 
no servers to maintain or set up, and no workstations to 
configure. Users just need a sound card and headset, 
alongside an internet connection and 10MB of spare 
memory, yet calls made using Skype are, says Zennstrém, 
“the most secure form of voice communication you can use,’ 
thanks to end-to-end encryption that ensures privacy. 


Suddenly, the product had huge market potential. But to 
get it ready for market wasn’t easy. The technology behind 
Skype is the product of 30 man-years, and was over two 
years in ‘real -time’ making. “It’s quite advanced technology 
but it solves some real problems; says Zennstrém. “The 
biggest problem it solved was just allowing people to make a 
call very easily using the Internet. Some businesses can 
develop technology that works very wel! some of the time - 
in an ideal world — but not all of the time” Skype apparently 
works very well all of the time. 

To the untrained eye, the product is comparable with the 
likes of MSN Messenger (www.messengermsn.co.uk) 
and FreeWorld Dialup (www.fwenet.net), but the analogy 
adopted by Zennstrém to lay this misconception to rest is 
obviously well worn. “if you have a car fitted with a Bang & 
Olufsen stereo, you can use the car to listen to music, but it's 
not the purpose of the car The purpose of the car is to be a 
car And a Bang & Ofufsen stereo is designed purposefully to 
be a stereo” 

Still with him? “So MSN Messenger is designed for sending 
texts and for instant messaging, and it has added voice 
capability But it's not purposefully designed for voice 


J 
Believe the hype 


USING PEER-TO-PEER 
technology, Skype enables 
consumers to make unlimited 
free voice calls anywhere in 
the world to other Skype 
users, via the Internet. The 
software is free to download 
and free to use. Consumers 
just need to plug in a headset 
fo their computer to have a 
conversation. 

Skype is also available to 
use on wireless-enabled PDAs 
running Microsoft Pocket PC 
software, thanks to the 
beta launch of PocketSkype 
earlier this year. 

Customers of a forthcoming 
subscription service wilt be 
able to use Skype to make 
calls to fand fines and mobile 
phones all over the world. 


“IEF YOU CHALLENGE: 
THE STATUS QUO; 222 
THERE WILL BE SOME 


COMPANIES WHO 
DON’T LIKE-AT: 


capability’ He's right. While other comparable products offer 
free voice calls over the internet - even in conjunction with 
a webcam — the only thing they really do well all of the 
time is instant messaging. Voice quality is unpredictable and 
often poor. Those products that do claim to do more, such 
as FreeWorld Dialup, are often complex systems which 
demand that consumers have a certain level of technical 
understanding. “You need to sign up, create an account, 
download the software and configure it yourself’ says 
Zennstrém. In other words, the kind of products that are so 
complicated they're likely to make many consumers want to 
throw their computer out of the window — a perception 
that the likes of the Linux OS has been fighting for years. 

Not only does Skype offer crystal clear voice quality that 
introduces a new intimacy to a conversation - on a par 
with being under a duvet with the other party - Zennstrém 
has also ensured that user-friendliness is top of the list. 
“Technology has to be easy-to-use for the end-user If you 
do that you've got a good chance of making it work. 
Businesses need to remember that — think of the end-user” 

Skype really does live up to this ideal. The software is 
automatically downloaded from the website in several 
minutes, and all consumers need to do is plug in their 
headset, search for a friend on the directory and click on 
the name to make the call. The ring tone is a reassuringly 
traditional ‘brring brring’ 

But while Zennstrém’s technical ability and consumer 
empathy have helped him to create an arguably world- 
beating product that already has six million users in 170 
countries, there appears to be one small flaw in his plan - 
he has yet to make any money. 


THE MONEY QUESTION 


Skype software is free to download and, due to the nature of 
P2P technology, it’s free to make calls to other Skype users, 
regardless of where they are in the world. But the Skype - 
site also prides itself on being an advertising-free zone, 
necessarily eliminating an obvious source of revenue. “We 
want to keap it simple for the consumer’ insists Zennstrém. 

Of course this is a luxury that many online companies 
can't afford. Advertising is often the main source of income 
while a site builds a presence and seduces users with its 
offering before charging them for it. Skype has venture 
capital backing from investors in the US and Europe, with 
second-round funding alone totalling US$19 million (£10.5 
million), giving it the opportunity to spend three years 
building a user base and enhancing the technology without 
worrying about the trifling matter of money. 
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Niklas Zennstrém 


@ TITLE: Co-founder of Skype 

@ AGE: 38 

® CV: Various roles at pan-European 
telecoms operator Tele2 inciuding CEO of 
the everyday.com portal before co- 
founding KaZaA in 2000 , the world’s 
most downloaded Internet software to 
date. Later founded peer-to-peer 
software company Joltid, and co-founded 
Altnet, a peer-to-peer network 
promoting commercial content. 

@ BUSINESS TURN-ONS: Innovation 

@ BUSINESS TURN-OFFS: Having to fire 
people! 

®@ GOALS: To make Skype one of the big 
internet brands among eBay, Yahoo!, 
Google and Amazon. 

@ FAVOURITE WEBSITE: 
www.google.com 


With hefty financial backing and a product that’s self- 
perpetuating, or viral, by nature, Zennstrém’s team has 
been able to watch the user base grow while spending time 
developing rather than marketing the product. 

In development terms, the strategy is paying off. In 
February, Skype launched a conference-calling facility that 
enables five people to talk to each other at once regardless 
of location — and for free, of course. Two months later, it 
launched a beta version of PocketSkype, which enables users 
to make free calls on the move, via any wireless-enabled 
device running Microsoft Pocket PC software. Zennstrém sees 
this as significant for the wireless mobile market, enabling 
consumers to make considerable cost savings while keeping 
in touch when away from their desks. With analyst firm 
Gartner predicting that there will be over 167.000 public Wi- 
Fi hotspots globally by 2008, coupled with over 75 million 
wireless users worldwide, PocketSkype looks like good timing. 

The venture capitalists have been patient, Now, and only now, 
is Skype talking about charging for its services. The company 
has just launched SkypeOut, which will enable people to use 
Skype to call land lines and mobile phones in addition to 
other Skype callers on PCs. “Skype software is free and 
Skype-to-Skype calls will always be free, but we will start to 
charge jor value-added services” says Zennstrém. 


FROM FREE 10 FEE 


SkypeOut is a pre-paid service where users can purchase 
credits by creating an account. They should benefit from 
calls that are priced “highly competitively because most of 
the call will travel over the internet, yet will reach its 
destination as a local call. Zennstrém predicts that “calling 
China will be as inexpensive as calling up the road”. 

It all sounds very easy. But there are doubts that Skype 
has a high enough profile to penetrate the mainstream 
community. Zennstrém, predictably, disagrees. “We have 
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only really used word of mouth so far plus some media 
work, but we've become very visible very quickly partly 
because of KaZaA. People have taken an interest in us and, 
since KaZaA, have come to respect us” 

It's true that KaZaA prompted what both Zennstrém and 
Linux Format would refer to as ‘geeks’ to start talking about 
Skype on message boards as soon as the product came 
out. People with a technical bent were intrigued about what 
other disruptive use P2P technology could be put to by the 
two men from Sweden, and their online chat rooms 
provided a perfect viral marketing vehicle. 

Even if, as with any new technologies, the first Skype 
users were technically-advanced, they quickly introduced it 
to those they called. “The early adopters heard about the 
product and told friends, family and colleagues” says 
Zennstrém. “The nature of Skype is that it spreads easily’ 

But the company can’t rely on the initial notoriety of KaZaA 
and word of mouth forever. It is kicking off other activities, 
starting with a campaign with headset manufacturer 
Plantronics (www.plantronics.com), which will promote 
Skype with its headsets. A similar campaign with Siemens 
(wwwv.siemens.com) is also in the planning stages. 

Zennstr6m readily admits that there will be some 
companies that won't want to become Skype partners. 
While many businesses have come to respect the ingenuity 
and innovation of the company, he acknowledges that “f 
you chalfenge the status quo, there will be some companies 
who don’t like it” The music industry is ne fan, with a 
spokesperson from the RIAA on record as saying, “They 
[Zennstrém and Friis] have resulted in significant damage to 
the record industry’ 

Next up is the telecoms industry, which, as Michael Pow 


reaction shows, is already starting to shift uncomfortably in its 
seat. And well it might. If people become as happy to pay for 
Skype's added-value services as they are to use the free ones 
— which will be the real test for Zennstrém — we can expect 
quite a revolution. For an in-depth look at the Skype software, 
see the review in this month's Linux Format magazine. mim 


@ Keep technology products simple, especially the 
front end. Businesses launching clever new technology 
Must make sure they don’t forget that the end-users 
aren't likely to be as technically sophisticated as the 
developers of the software. 


@ Look after early adopters and nurture your user- 
base. If you make it easy for your customers to tall 
their friends and family, perhaps even incentivising 
users to spread the word, the product will market itself. 


§ Identify how your product or service can solve real 
problems. Make your offering indispensable and invest 
time in showing your customer base how it will work 
for them before you charge. Seducing customers with 
a taster will make it much easier to charge for your 
service and win customer loyalty. 
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Rackspace has more 
certified Redhat Linux 
technicians than any 

other managed 

hosting company. ho oa 


Easy to say - difficult to do. 


day & night 
True 
support doesn’t sleep, never gets complacent, & never nips off for 5 
minutes. 
spare pair of pants in its drawer 


...but at least it’s loved by its clients. 


As part of Rackspace Managed Hosting Fanatical Support, Hans Huberland will answer your questions. = 
E-mail him at sysadminqa@rackspace.co.uk, and answers will appear in next month’s Linux Format. -—— 
= 


To find out about our managed hosting services, call O800 085 3973 rack 


ae . MANAGED ~ HOSTING 
or visit us at www.rackspace.co.uk/committed. 


